Examples of ACL

• co.cask.cdap.api.security.ACL
  Represents an entry in the Access Control List.
• com.cloudera.lib.service.ACL
• com.ecyrd.jspwiki.auth.acl.Acl

  Defines an access control list (ACL) for wiki pages. An Access Control List is a data structure used to guard access to resources. An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of positive permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). The ACL Entries in each ACL observe the following rules:

  • Each principal can have at most one ACL entry; that is, multiple ACL entries are not allowed for any principal. Each entry specifies the set of permissions that are to be granted
  • If there is no entry for a particular principal, then the principal is considered to have a null (empty) permission set

  This interface is a highly stripped-down derivation of the java.security.acl.Acl interface. In particular, the notion of an Acl "owner" has been eliminated, since JWPWiki pages do not have owners. An additional simplification compared to the standard Java package is that negative permissions have been eliminated. Instead, JSPWiki assumes a "default-deny" security stance: principals are granted no permissions by default, and posesses only those that have been explicitly granted to them. And finally, the getPermissions() and checkPermission() methods have been eliminated due to the complexities associated with resolving Role principal membership.

  @author Andrew Jaquith @since 2.3
• com.emc.atmos.api.Acl
• com.emc.esu.api.Acl
  An Access Control List (ACL) is a collection of Grants that assign privileges to users and/or groups.
• com.github.sardine.model.Acl
  xample.com/acl/users/gstein</D:href> </D:owner>
• com.google.code.com.sun.mail.imap.ACL
  An access control list entry for a particular authentication identifier (user or group). Associates a set of Rights with the identifier. See RFC 2086.

  @author Bill Shannon

• com.google.feedserver.resource.Acl
  ACL bean / resource
• com.googlecode.sardine.model.Acl
  xample.com/acl/users/gstein</D:href> </D:owner>
• com.intridea.io.vfs.operations.Acl
  ACL for S3. Usage samples: Allow everyone to read: acl.allow(Acl.Group.GUEST, Acl.Permission.READ); Allow all authorized users to read and write: Acl.Permission[] rights = {Acl.Permission.READ, Acl.Permission.WRITE}; acl.allow(Acl.Group.AUTHORIZED, rights); Deny all (owner still has access to overwrite ACL): acl.denyAll(); @author Marat Komarov @author Alex Kovalyov
• com.sun.jna.examples.win32.WinNT.ACL
• com.sun.jna.platform.win32.WinNT.ACL
  @author dblock[at]dblock[dot]org
• com.sun.mail.imap.ACL
  An access control list entry for a particular authentication identifier (user or group). Associates a set of Rights with the identifier. See RFC 2086.

  @author Bill Shannon

• de.iritgo.aktera.permissions.security.Acl
• gabriel.acl.Acl
  Access control list for managing permissions. ACLs contain entries which map principals to permissions. @author Stephan J. Schmidt @version $Id: Acl.java,v 1.2 2004/06/24 07:26:21 stephan Exp $
• hudson.security.ACL
  ins-ci.org/display/JENKINS/Making+your+plugin+behave+in+secured+Hudson
• lotus.domino.ACL
• loxia.web.annotation.Acl
• org.acegisecurity.acls.Acl
  Represents an access control list (ACL) for a domain object.

  An Acl represents all ACL entries for a given domain object. In order to avoid needing references to the domain object itself, this interface handles indirection between a domain object and an ACL object identity via the {@link org.acegisecurity.acls.objectidentity.ObjectIdentity} interface.

  An implementation represents the {@link org.acegisecurity.acls.Permission}list applicable for some or all {@link org.acegisecurity.acls.sid.Sid}instances.

  @author Ben Alex @version $Id: Acl.java 1784 2007-02-24 21:00:24Z luke_t $
• org.apache.chemistry.opencmis.commons.data.Acl
  Access Control List (ACL).
• org.apache.cloudstack.api.ACL
• org.apache.wiki.auth.acl.Acl

  Defines an access control list (ACL) for wiki pages. An Access Control List is a data structure used to guard access to resources. An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of positive permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). The ACL Entries in each ACL observe the following rules:

  • Each principal can have at most one ACL entry; that is, multiple ACL entries are not allowed for any principal. Each entry specifies the set of permissions that are to be granted
  • If there is no entry for a particular principal, then the principal is considered to have a null (empty) permission set

  This interface is a highly stripped-down derivation of the java.security.acl.Acl interface. In particular, the notion of an Acl "owner" has been eliminated, since JWPWiki pages do not have owners. An additional simplification compared to the standard Java package is that negative permissions have been eliminated. Instead, JSPWiki assumes a "default-deny" security stance: principals are granted no permissions by default, and posesses only those that have been explicitly granted to them. And finally, the getPermissions() and checkPermission() methods have been eliminated due to the complexities associated with resolving Role principal membership.

  @since 2.3
• org.apache.zookeeper.data.ACL
• org.apache.zookeeper_voltpatches.data.ACL
• org.glite.authz.pap.authz.ACL
  This class represents an Access Control List for the PAP authorization engine. PAP ACLs assign permissions (ie, {@link PAPPermission} objects) to PAP administrators(ie, {@link PAPAdmin} objects). @author andrea
• org.intalio.tempo.workflow.auth.ACL
• org.jboss.security.acl.ACL

  This interface represents an Access Control List (ACL), a data structure used to protect access to resources. It is composed of entries, where each entry is represented by the ALCEntry class and represents the permissions assigned to a given identity.

  When a client attempts to perform an operation on a resource, the ACL associated to the resource is used to verify if the client has enough permissions to perform that operation. In order to do that, the ACLEntry corresponding to the client's identity is retrieved and then the permission set contained in the entry is verified to decide if access should be granted or not.

  @author Stefan Guilhen
• org.jmanage.core.auth.ACL
  Date: Apr 8, 2005 @author Rakesh Kalra
• org.modeshape.web.shared.Acl
  @author kulikov
• org.nuxeo.ecm.core.api.security.ACL
• org.openntf.domino.ACL
  The Interface that represents the access control list (ACL) of an IBM Domino database.
• org.springframework.security.acls.model.Acl
  Represents an access control list (ACL) for a domain object.

  An Acl represents all ACL entries for a given domain object. In order to avoid needing references to the domain object itself, this interface handles indirection between a domain object and an ACL object identity via the {@link org.springframework.security.acls.model.ObjectIdentity} interface.

  Implementing classes may elect to return instances that represent {@link org.springframework.security.acls.model.Permission} information for eithersome OR all {@link org.springframework.security.acls.model.Sid}instances. Therefore, an instance may NOT necessarily contain ALL Sids for a given domain object.

  @author Ben Alex

Examples of hudson.security.ACL

        protected Permission getPermission() {
            return Permission.READ;
        }

        protected ACL getACL() {
            return new ACL() {
                public boolean hasPermission(Authentication a, Permission permission) {
                     return true;
                }
            };
        }

Examples of hudson.security.ACL

    static {
        XSTREAM.alias("user",User.class);
    }

    public ACL getACL() {
        final ACL base = Jenkins.getInstance().getAuthorizationStrategy().getACL(this);
        // always allow a non-anonymous user full control of himself.
        return new ACL() {
            public boolean hasPermission(Authentication a, Permission permission) {
                return (a.getName().equals(id) && !(a instanceof AnonymousAuthenticationToken))
                        || base.hasPermission(a, permission);
            }
        };
    }

Examples of lotus.domino.ACL

  @SuppressWarnings("unchecked")
  private List<String> getUserRoles(String user) {
    List<String> roles = null;
    Database db = ExtLibUtil.getCurrentDatabase();
    try {
      ACL acl = db.getACL();
      if (acl != null) {
        ACLEntry entry = acl.getEntry(user);
        if (entry != null) {
          roles = (List<String>)entry.getRoles();
          entry.recycle();
        }
        acl.recycle();
      }
    }
    catch (Exception e) {
      e.printStackTrace();
    }

Examples of loxia.web.annotation.Acl

    OperatingUnitDao operatingUnitDao = (OperatingUnitDao)ctx.getBean("loxiaOperatingUnitDao");

    String strMethod = invocation.getProxy().getMethod();
    Method m = getActionMethod(action.getClass(), strMethod);
    Acl acl = m.getAnnotation(Acl.class);
    if(acl == null)
      acl = action.getClass().getAnnotation(Acl.class);

    boolean needCheck = true;
    boolean needCredential = true;
    if(acl == null){
      needCheck = false;
      needCredential = false;
    }else if(acl.value().length == 0
        || Arrays.asList(acl.value()).contains(""))
      needCheck = false;
    if(logger.isDebugEnabled()){
      if(needCredential)
        logger.debug("Credential is required.");
      logger.debug("Current ACL:{}", needCheck ? acl : "");
    }

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

    if(needCredential && authentication == null){
      logger.error("Session timeout.");
      throw new BusinessException(PreserveErrorCode.SESSION_TIMEOUT);
    }

    if(needCheck){
      BaseProfileAction act = (BaseProfileAction)action;

      LoxiaUserDetails userDetails = (LoxiaUserDetails)authentication.getPrincipal();
      logger.debug("Current Principal:" + userDetails);
      String entryAcl = act.getAcl();
      if(entryAcl != null){
        userDetails.setCurrentOu(null);
        logger.debug("Function Entrance... Organization need to repick");

        for(GrantedAuthority auth: userDetails.getAuthorities()){
          LoxiaGrantedAuthority lauth = (LoxiaGrantedAuthority)auth;
          if(lauth.getAuthority().equals(entryAcl)){
            userDetails.setCurrentAuthority(lauth);
            break;
          }
        }
        if(userDetails.getCurrentAuthority() == null ||
            userDetails.getCurrentAuthority().getOuIds().size() == 0){
          logger.error("No sufficicent privilege.");
          throw new BusinessException(PreserveErrorCode.NO_SUFFICICENT_PRIVILEGE);
        }else{
          if(userDetails.getCurrentAuthority().
              getOuIds().size() == 1){
            userDetails.setCurrentOu(operatingUnitDao.getByPrimaryKey(
                userDetails.getCurrentAuthority().getOuIds().iterator().next()));
          }else{
            logger.debug("Redirect Invocation");

            String url = request.getRequestURI();
            Enumeration<String> paramNames = request.getParameterNames();
            StringBuffer paramsSb = new StringBuffer();
            while (paramNames.hasMoreElements()) {
              String name = (String) paramNames.nextElement();
              if (!"acl".equalsIgnoreCase(name)){
                paramsSb.append(name + "=" + request.getParameter(name) + "&");
              }
            }
            if (paramsSb.length() > 0){
              paramsSb.deleteCharAt(paramsSb.length()-1);
              url = url + "?" + paramsSb.toString();
            }
            request.getSession().setAttribute(BaseAction.FOLLOWING_URL_AFTER_OPERATING_UNIT_PICKUP, url);
            response.sendRedirect(request.getContextPath() + "/operatingunitpickup.do");
            return null;
          }
        }
      }else{
        if(act.getSelectedOuId() != null){
          //set Current OperatingUint in up
          userDetails.setCurrentOu(operatingUnitDao.getByPrimaryKey(act.getSelectedOuId()));
        }else{
          if(!userDetails.checkAuthority(acl.value())){
            logger.error("No sufficicent privilege.");
            throw new BusinessException(PreserveErrorCode.NO_SUFFICICENT_PRIVILEGE);
          }
        }
      }

Examples of loxia.web.annotation.Acl

      logger.info("Currently we only check privilege on controllers.");
      return pjp.proceed(pjp.getArgs());
    }

    MethodSignature ms = (MethodSignature)pjp.getSignature();
    Acl acl = ms.getMethod().getAnnotation(Acl.class);

    logger.debug("Acl found: {}", Arrays.asList(acl.value()));
    OperatingUnitDao operatingUnitDao = (OperatingUnitDao)context.getBean("loxiaOperatingUnitDao");
    OperatingUnit currentOu = null;
    Annotation[][] paramAnnos = ms.getMethod().getParameterAnnotations();
    for(int i=0; i < paramAnnos.length; i++){
      for(int j=0; j< paramAnnos[i].length; j++){
        if(paramAnnos[i][j] != null && paramAnnos[i][j] instanceof CurrentOu){
          Long ouId = null;
          if(pjp.getArgs()[i] instanceof OperatingUnit){
            ouId = ((OperatingUnit)pjp.getArgs()[i]).getId();
          }else if(pjp.getArgs()[i] instanceof Long){
            ouId = (Long)pjp.getArgs()[i];
          }else
            throw new IllegalArgumentException("Current Ou setting error.");
          if(ouId != null)
            currentOu = operatingUnitDao.getByPrimaryKey(ouId);
          if(currentOu == null)
            throw new IllegalArgumentException("Current Ou is null.");
          break;
        }
      }
      if(currentOu != null) break;
    }

    if(currentOu != null){
      logger.debug("New current ou is set:{}[{}]", currentOu.getName(), currentOu.getId());
      controller.setCurrentOperatingUnit(currentOu);
    }else{
      logger.debug("Current ou isn't changed.");
    }

    if(controller.getCurrentOperatingUnit() == null){
      logger.warn("Current ou is null.");
      throw new BusinessException(PreserveErrorCode.NO_SUFFICICENT_PRIVILEGE);
    }
    if(controller.checkPrivilege(acl.value())){
      logger.debug("User pass the authorization.");
      return pjp.proceed(pjp.getArgs());
    }else{
      throw new BusinessException(PreserveErrorCode.NO_SUFFICICENT_PRIVILEGE);
    }

Examples of org.acegisecurity.acls.Acl

        Sid[] sids = sidRetrievalStrategy.getSids(SecurityContextHolder.getContext().getAuthentication());
        ObjectIdentity oid = objectIdentityRetrievalStrategy.getObjectIdentity(resolvedDomainObject);

        // Obtain aclEntrys applying to the current Authentication object
        try {
            Acl acl = aclService.readAclById(oid, sids);

            if (acl.isGranted(requiredPermissions, sids, false)) {
                return Tag.EVAL_BODY_INCLUDE;
            } else {
                return Tag.SKIP_BODY;
            }
        } catch (NotFoundException nfe) {

Examples of org.apache.chemistry.opencmis.commons.data.Acl

    }

    private String createDocument(String name, String folderId, String typeId, Map<String, Object> properties,
            VersioningState verState, ContentStream contentStream) {
        List<String> policies = null;
        Acl addACEs = null;
        Acl removeACEs = null;
        ExtensionsData extension = null;

        Properties props = createDocumentProperties(name, typeId, properties);

        String id = null;

Examples of org.apache.chemistry.opencmis.commons.data.Acl

        String objectId = getObjectId();
        return getBinding().getAclService().getAcl(getRepositoryId(), objectId, onlyBasicPermissions, null);
    }

    public Acl applyAcl(List<Ace> addAces, List<Ace> removeAces, AclPropagation aclPropagation) {
        Acl result = getSession().applyAcl(this, addAces, removeAces, aclPropagation);

        refresh();

        return result;
    }

Examples of org.apache.chemistry.opencmis.commons.data.Acl

    }

    public Acl createAcl(List<Ace> aces) {
        BindingsObjectFactory bof = getBindingsObjectFactory();

        Acl acl = bof.createAccessControlList(aces);

        return acl;
    }

Examples of org.apache.chemistry.opencmis.commons.data.Acl

        ChangeType changeType = null;
        GregorianCalendar changeTime = null;
        String objectId = null;
        Map<String, List<?>> properties = null;
        List<String> policyIds = null;
        Acl acl = null;

        if (objectData.getChangeEventInfo() != null) {
            changeType = objectData.getChangeEventInfo().getChangeType();
            changeTime = objectData.getChangeEventInfo().getChangeTime();
        }